128 matches found
CVE-2018-12241
The Symantec Security Analytics SA 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting XSS vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks ...
CVE-2018-12241
CVE-2018-12241 affects Symantec Security Analytics Web UI (SA) 7.x prior to 7.3.4; vulnerability is a reflected cross-site scripting (XSS) in the Web UI, allowing a remote attacker who knows the SA host to craft a malicious URL and entice SA users to reveal or run malicious JavaScript in the brow...
Reflected XSS Vulnerability in Security Analytics Web UI
SUMMARY The Symantec Security Analytics SA Web UI is susceptible to a reflected cross-site scripting XSS vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other...
Partner Perspectives: Integrate your SIEM, UEBA + EDR Solution with Securonix and Carbon Black
Nitin Agale is the Senior VP of Products for Securonix. Your endpoints are a valuable part of your enterprise structure. They are the computers your employees use and the servers your company depends on. Defending your endpoints is important, but it’s critical that your endpoint defense is just o...
Building the security operations center of tomorrow—harnessing the law of data gravity
This post was coauthored by Diana Kelley, Cybersecurity Field CTO, and Sin John, EMEA Chief Security Advisor, Cybersecurity Solutions Group. Youve got a big dinner planned and your dishwasher goes on the fritz. You call the repair company and are lucky enough to get an appointment for that...
CVE-2018-11061
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server...
Sql injection
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server...
CVE-2018-11061
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection caused by insecure template engine configuration. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role co...
CVE-2018-11061
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server...
10 Endpoint Security Problems Solved by the Cloud – Integrating Security Products
This blog is the third in the series: 10 Endpoint Security Problems Solved by the Cloud. Last week we investigated how cloud based security solutions are able to keep software up to date. This week we’re tackling problem 2: Integrating security products. Your Systems Are Siloed Cybersecurity isn’...
RSA Web Threat Detection SQL Injection Vulnerability
EMC RSA Web Threat Detection is a big data and security analytics solution from EMC. The solution detects cybercrime using Web session intelligence and real-time behavioral analysis. An SQL injection vulnerability exists in the Administration and Forensics applications in EMC RSA Web Threat...
SA165: NTP Vulnerabilities February 2018
SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target fro...
Introducing Web Security Analytics
Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...
Introducing Web Security Analytics
Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...
SA163: OpenSSH Vulnerability October 2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSH are susceptible to a security vulnerability. A remote attacker with read-only access to an SFTP server can create a large number of zero-length files and deplete the target's hard disk space. AFFECTED PRODUCTS The...
SA159: OpenSSL Vulnerabilities 7-Dec-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to two security vulnerabilities. A remote attacker can obtain Diffie-Hellman private key information and sensitive information accidentally transmitted in plaintext over an SSL/TLS connection. AFFECTED...
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
SUMMARY Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities aka Meltdown and Spectre attacks. A remote attacker, with the ability to execute arbitrary code...
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
Description Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Mac Os X 10.11.6 Apple iOS 11.2 Apple macOS 10.12.6 Apple macOS 10.13.2 Apple tvOS...
August 30, 2017 – Morning Cyber Coffee Headlines – “Eiffel Tower” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 30, 2017 - Headlines Carbon Black in the News: Carbon Black names Marco...
July 25, 2017 – Morning Cyber Coffee Headlines – “Henry Ford” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 25, 2017 - Headlines UK gov wants teens to practice cybersecurity in their...